5
CVE-2002-2443
- EPSS 21.41%
- Veröffentlicht 29.05.2013 14:29:06
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mit ≫ Kerberos 5 Version < 1.11.3
Fedoraproject ≫ Fedora Version17
Fedoraproject ≫ Fedora Version18
Fedoraproject ≫ Fedora Version19
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Eus Version5.9
Redhat ≫ Enterprise Linux Eus Version6.4
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Aus Version6.4
Redhat ≫ Enterprise Linux Workstation Version5.0
Redhat ≫ Enterprise Linux Workstation Version6.0
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version12.04 SwEdition-
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version15.04
Canonical ≫ Ubuntu Linux Version15.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 21.41% | 0.955 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.